Use pzstd to compress the Docker in SWI slim images (sonic-net#21869)

#### Why I did it Same with sonic-net#21824 Enabled the docker inram feature for slim image. It would extract the docker image to ram during the boot, so it would take extra times during boot. ##### Work item tracking - Microsoft ADO **(number only)**: 31323281 #### How I did it Use pzstd which is more efficient tool to compress and decompress the docker file to reduce the boot time. Currently, we do not modify the "FILESYSTEM_DOCKERFS=dockerfs.tar.gz" in onie-image.conf, so for slim image, we still use dockerfs.tar.gz as file name but actually with zstd compressed. We tried to find out a way to adjust the file name in onie-image.conf, but it seems not easy to do that. So we use the file cmd to determine the compressing type in union-mount.j2, then use the related cmd to extract the docker file. Plan to support zstd for all types of images in the future to unify the docker file image . #### How to verify it Boot swi slim image and normal image, boot mellanox bin image, all boot successfully.  #### Which release branch to backport (provide reason below if selected)  - [ ] 201811 - [ ] 201911 - [ ] 202006 - [ ] 202012 - [ ] 202106 - [ ] 202111 - [ ] 202205 - [ ] 202211 - [ ] 202305 #### Tested branch (Please provide the tested image version)  - [ ]  - [ ]  #### Description for the changelog   #### Link to config_db schema for YANG module changes  #### A picture of a cute animal (not mandatory but encouraged)
ayurkiv-nvda · Feb 27, 2025 · 932373e · 932373e
1 parent f3ddb66
commit 932373e
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 4 deletions.
diff --git a/build_debian.sh b/build_debian.sh
@@ -409,6 +409,12 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
     zstd                    \
     nvme-cli
 
+sudo cp files/initramfs-tools/pzstd $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/pzstd
+sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/pzstd
+
+sudo cp files/initramfs-tools/file $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/file
+sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/file
+
 # Have systemd create the auditd log directory
 sudo mkdir -p ${FILESYSTEM_ROOT}/etc/systemd/system/auditd.service.d
 sudo tee ${FILESYSTEM_ROOT}/etc/systemd/system/auditd.service.d/log-directory.conf >/dev/null <<EOF
@@ -872,7 +878,11 @@ if [[ $MULTIARCH_QEMU_ENVIRON == y || $CROSS_BUILD_ENVIRON == y ]]; then
 fi
 
 ## Compress docker files
-pushd $FILESYSTEM_ROOT && sudo tar -I pigz -cf $OLDPWD/$FILESYSTEM_DOCKERFS -C ${DOCKERFS_PATH}var/lib/docker .; popd
+if [ "$BUILD_REDUCE_IMAGE_SIZE" = "y" ]; then
+    pushd $FILESYSTEM_ROOT && sudo tar -I pzstd -cf $OLDPWD/$FILESYSTEM_DOCKERFS -C ${DOCKERFS_PATH}var/lib/docker .; popd
+else
+    pushd $FILESYSTEM_ROOT && sudo tar -I pigz -cf $OLDPWD/$FILESYSTEM_DOCKERFS -C ${DOCKERFS_PATH}var/lib/docker .; popd
+fi
 
 ## Compress together with /boot, /var/lib/docker and $PLATFORM_DIR as an installer payload zip file
 pushd $FILESYSTEM_ROOT && sudo tar -I pigz -cf platform.tar.gz -C $PLATFORM_DIR . && sudo zip -n .gz $OLDPWD/$INSTALLER_PAYLOAD -r boot/ platform.tar.gz; popd

diff --git a/files/dsc/install_debian.j2 b/files/dsc/install_debian.j2
@@ -15,7 +15,11 @@ image_dir=image-$image_version
 
 INSTALLER_PAYLOAD=fs.zip
 DOCKERFS_DIR=docker
+{% if BUILD_REDUCE_IMAGE_SIZE == "y" -%}
+FILESYSTEM_DOCKERFS=dockerfs.tar.zstd
+{%- else -%}
 FILESYSTEM_DOCKERFS=dockerfs.tar.gz
+{%- endif %}
 BL_CONF=boot.conf
 
 DATA_PARTUUID=6ED62003-DD8D-44B8-9538-0A2B7C7E628F

diff --git a/files/initramfs-tools/file b/files/initramfs-tools/file
@@ -0,0 +1,18 @@
+#!/bin/sh
+set -e
+PREREQ=""
+prereqs() {
+    echo "$PREREQ"
+}
+case "$1" in
+    prereqs)
+        prereqs
+        exit 0
+        ;;
+esac
+. /usr/share/initramfs-tools/hook-functions
+# Include file binary
+copy_exec /usr/bin/file /usr/bin
+# Include magic database
+copy_exec /usr/lib/file/magic.mgc /etc
+exit 0
diff --git a/files/initramfs-tools/pzstd b/files/initramfs-tools/pzstd
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -e
+PREREQ=""
+prereqs() {
+    echo "$PREREQ"
+}
+case "$1" in
+    prereqs)
+        prereqs
+        exit 0
+        ;;
+esac
+. /usr/share/initramfs-tools/hook-functions
+# Include pzstd binary
+copy_exec /usr/bin/pzstd /usr/bin
+exit 0
diff --git a/files/initramfs-tools/union-mount.j2 b/files/initramfs-tools/union-mount.j2
@@ -130,9 +130,15 @@ extract_dockerfs()
 {
     echo "Extracting {{ FILESYSTEM_DOCKERFS }}"
     if [ -f "${rootmnt}/host/$image_dir/{{ FILESYSTEM_DOCKERFS }}" ] && [ "$secureboot" = false ]; then
-        # Extract dockerfs.tar.gz into /var/lib/docker unless the system booted with secureboot
-        # In secureboot dockerfs.tar.gz cannot be trusted as it does not have a signature
-        tar xz --numeric-owner -f ${rootmnt}/host/$image_dir/{{ FILESYSTEM_DOCKERFS }} -C ${rootmnt}/var/lib/docker
+        # Check if the file is zstd compressed
+        file_type=$(file -b --mime-type "${rootmnt}/host/$image_dir/{{ FILESYSTEM_DOCKERFS }}")
+        if [ "$file_type" = "application/zstd" ]; then
+            echo "Detected zstd compression, extracting with pzstd..."
+            pzstd -d -q ${rootmnt}/host/$image_dir/{{ FILESYSTEM_DOCKERFS }} -c | tar x --numeric-owner -C ${rootmnt}/var/lib/docker
+        else
+            echo "Using default extraction method (gzip assumed)..."
+            tar xz --numeric-owner -f "${rootmnt}/host/$image_dir/{{ FILESYSTEM_DOCKERFS }}" -C "${rootmnt}/var/lib/docker"
+        fi
     elif [ "$bootloader" = "aboot" ] && unzip -l "$swi_path" | grep -q {{ FILESYSTEM_DOCKERFS }}; then
         # Aboot swi images also support extracting dockerfs.tar.gz directly from them
         unzip -qp "$swi_path" {{ FILESYSTEM_DOCKERFS }} | tar xz --numeric-owner -C ${rootmnt}/var/lib/docker